[Pkg-shadow-devel] Bug#620898: Moving bash from essential/required to important?

Guillem Jover guillem at debian.org
Mon Apr 4 23:49:17 UTC 2011 

Package: login
Version: 1:4.1.4.2+svn3283-3
Severity: wishlist
Tags: patch

Hi!

On Mon, 2011-04-04 at 10:16:35 -0700, Steve Langasek wrote:
> On Mon, Apr 04, 2011 at 06:04:20PM +0200, Luk Claes wrote:
> > What do others think of moving bash to important (required and important
> > are part of the base system)?

I also think this would be great!

> Consider that 'base-passwd' and 'login' are also part of the essential set.
> Why?  Because being able to log in as root is part of the "minimal set of
> functionality that must be available and usable on the system at all times".
> 
> So if we drop bash from essential, how do we guarantee that root can log in? 
> Do we set root's default shell to /bin/sh instead?  I don't think anyone
> would be happy with that except those people who already change it to zsh
> anyway.  :-)

Well, we can always fix login to behave more robustly, no? :)

> If login worked consistently in the face of the configured shell going
> missing (automatically falling back to /bin/sh for root), then I think it
> would be worthwhile to do the work necessary to remove bash from the
> essential set.  But until then, the primary purpose of Essential, to me, is
> the "minimal set guaranteed to be usable" aspect, not the "you don't have to
> depend on it" aspect.

That's more or less what the attached patch does. It could certainly be
improved, as the knowledge of when to fallback is spread all over the
place, but that's an existing problem in the code anyway.

The SHELL variable in configure.in is changed to an explicit "/bin/sh"
because relying on $SHELL might change depending on the shell used for
configure, and the existing code expects /bin/sh for fallback and script
invokation cases, this could be considered a bug on its own though. The
only fishy point is when calling shell() with a second argument, which
will get preserved, and might not quite match what was invoked
afterwards, but probably not worth worrying.

The code could also warn that it needed to fallback to a POSIX shell,
but I'm not sure what's the policy from the shadow code PoV here.

Tested with:

  # chsh root -s /bin/csh
  chsh: Warning: /bin/csh does not exist
  # su
  # echo $SHELL
  /bin/sh
  # exit
  # su -
  # echo $SHELL
  /bin/sh
  # exit
  # login -f root
  Last login: Tue Apr  5 01:36:13 CEST 2011 on pts/10
  # echo $SHELL
  /bin/sh

And on a virtual console.

regards,
guillem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow-fallback-posix-sh.patch
Type: text/x-diff
Size: 2422 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20110405/049961ce/attachment.patch>

More information about the Pkg-shadow-devel mailing list